Hi, As Apache Struts 1.x is pretty old and it suffers from many security vulnerabilities, I decided to use a recent version of Apache Struts 2.x (Struts 2.3.24.1). However, I find that struts-core-1.3.10 jar is present in struts 2.x. Can you please let me know if the presence of this jar makes Struts 2.x vulnerable to security issues such as CVE-2012-1007 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1007>.
Thanks and Best Regards, Anu
